The ratelimit plugin enables response rate limiting to mitigate DNS attacks.
ratelimit LIMIT
- LIMIT is the number of responses per second allowed from an IP.
ratelimit LIMIT {
whitelist [IPs...]
}
- whitelist is the list of IPs excluded from rate limiting.
If monitoring is enabled (via the prometheus plugin) then the following metric is exported:
coredns_ratelimit_dropped_request_total{server}
- count of dropped requests per server
ratelimit 50 {
whitelist 127.0.0.1 192.168.1.25 10.240.1.1
}
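The behaviour the configuration above asks for (50 responses per second per IP, three whitelisted addresses, a counter of dropped requests) can be sketched in Go as follows. This is an added illustration, not the plugin's own code: the fixed one-second window and the names Limiter, NewLimiter and Allow are assumptions, and the client address 203.0.113.7 is a constructed sample.

```go
package main

import (
	"fmt"
	"net/netip"
	"time"
)

// Limiter is a hypothetical per-IP limiter using a fixed one-second window.
type Limiter struct {
	limit     int                  // LIMIT: responses per second allowed from an IP
	whitelist map[netip.Addr]bool  // IPs excluded from rate limiting
	window    map[netip.Addr]int64 // Unix second in which each IP's count started
	count     map[netip.Addr]int   // responses allowed to each IP in that second
	Dropped   int                  // plays the role of the dropped-request metric
}

func NewLimiter(limit int, whitelist ...string) *Limiter {
	l := &Limiter{limit: limit, whitelist: map[netip.Addr]bool{},
		window: map[netip.Addr]int64{}, count: map[netip.Addr]int{}}
	for _, s := range whitelist {
		l.whitelist[netip.MustParseAddr(s).Unmap()] = true
	}
	return l
}

// Allow reports whether a response to src may be sent at time now.
func (l *Limiter) Allow(src netip.Addr, now time.Time) bool {
	src = src.Unmap() // treat ::ffff:a.b.c.d the same as a.b.c.d
	if l.whitelist[src] {
		return true // whitelisted IPs are never counted or dropped
	}
	sec := now.Unix()
	if l.window[src] != sec { // a new second started: reset this IP's count
		l.window[src], l.count[src] = sec, 0
	}
	if l.count[src] >= l.limit {
		l.Dropped++
		return false
	}
	l.count[src]++
	return true
}

func main() {
	l := NewLimiter(50, "127.0.0.1", "192.168.1.25", "10.240.1.1")
	now, client := time.Unix(1700000000, 0), netip.MustParseAddr("203.0.113.7")
	for i := 0; i < 60; i++ {
		l.Allow(client, now) // 60 queries inside the same second
	}
	fmt.Println("dropped:", l.Dropped)
}
```

The maps in this sketch grow with the number of distinct client IPs, so a long-running limiter built this way would also need to evict idle entries.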